Hello Ganbold -
Please let me know how you go with ResultInOutput.
regards
Hugh
On Thursday, Sep 4, 2003, at 12:10 Australia/Melbourne, Ganbold wrote:
Hi Hugh,
I added following lines in AuthEXTERNAL.pm and tested radiator.
----------------------------------------------------------------------- --------------------------------------
. . . . . .
my $exit = $?;
# added lines # print exit code $self->log($main::LOG_DEBUG, "first Exit: $exit",$p); print "first Exit: $exit\n";
# This usually sets $? close READER; # Sometimes need to do this too. $exit = $? if waitpid($pid, 0);
# added lines
# print exit code
$self->log($main::LOG_DEBUG, "Exit: $exit",$p);
print "Exit: $exit\n";
. . . . . .
----------------------------------------------------------------------- --------------------------------------
External program returns exit status 0, but radiator somehow understands it as 768 which is 3 (768/256) and sends Access-Challenge.
I also tested external program with following simple perl program, where test.txt contains access-requests. It also gets return value as 768.
----------------------------------------------------------------------- --------------------------------------
#!/usr/local/pin/perl
$x = system("cat test.txt | calccredittime");
print "return is: $x\n";
exit 0;
----------------------------------------------------------------------- --------------------------------------
I wrote simple C program which gets command line argument and returns that argument as a exit status. Small perl program gets restult
of program as it supposed to. Very strange.
I don't know what should do, I'll try ResultInOutput switch in radius config and let's see what happens.
Following is debug:
Code: Access-Request
Identifier: 9
Authentic: <209><230>]<209><158><179>p<28>G<180><210>*tZ<176>@
Attributes:
User-Name = "44444444"
User-Password = "<28>_<171>Tm9<183><211>$~<173>l<151><190>Y!"
cisco-h323-conf-id = "h323-conf-id=07D022A7 DDB911D7 8008E236 347AF897"
cisco-avpair = "h323-ivr-out=transactionID:8"
Calling-Station-Id = "11323224"
Called-Station-Id = "0011236"
Service-Type = Login-User
NAS-IP-Address = xxx.xxx.xxx.xxx
Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
Thu Sep 4 10:50:24 2003: DEBUG: Handling request with Handler 'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/'
Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
Thu Sep 4 10:50:24 2003: DEBUG: Running command: d:\Radiator-3.6\hooks\CalcCreditTime
Thu Sep 4 10:50:24 2003: DEBUG: first Exit: 1604 ^ ^ ^ ^ Thu Sep 4 10:50:24 2003: DEBUG: Exit: 768 ^ ^ ^ ^ Thu Sep 4 10:50:24 2003: DEBUG: Access challenged for 44444444: Thu Sep 4 10:50:24 2003: DEBUG: Packet dump: *** Sending to xxx.xxx.xxx.xxx port 21645 .... Code: Access-Challenge Identifier: 9 Authentic: <209><230>]<209><158><179>p<28>G<180><210>*tZ<176>@ Attributes: cisco-h323-return-code = "h323-return-code=0" cisco-h323-credit-time = "h323-credit-time=2516" Reply-Message = "first 5!"
At 09:54 PM 9/3/2003 +1000, you wrote:
Hello Ganbold -
It is possible that you may need to use "ResultInOutput" in this environment.
Have a look at the code in "Radius/AuthEXTERNAL.pm" and maybe add some print statements so you can see what is happening. And please let us know what you find.
regards
Hugh
On Wednesday, Sep 3, 2003, at 21:11 Australia/Melbourne, Ganbold wrote:
Hi,
I'm testing Radiator-3.6 in Windows 2000 advanced server.
I'm using AuthBy External clause in handlers. But when external program
returns 0 (Access-Accept) radiator understands it as a 3 and responds
with Access-Challenge response. External program worked well in
FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows
above problem occurs.
How can I solve this problem? Is it OS issue? or there is something else? I really appreciate if somebody give the right solution.
thanks in advance,
Ganbold Micom CO.,Ltd
--------------------------------------------------------------------- -- ---------------
Trace 4 debug:
--------------------------------------------------------------------- -- ---------------
Code: Access-Request Identifier: 149 Authentic: <157><201><20>5u<249><179><11><8><255><240><236>W<195><253>x Attributes: User-Name = "44444444" User-Password = "<159><192><246><10><228><184>Z<200>K<1><253><232><162>^Tv" cisco-h323-conf-id = "h323-conf-id=45135D12 DD3911D7 809F812C 9428BE9D" cisco-avpair = "h323-ivr-out=transactionID:114" Calling-Station-Id = "11323224" Called-Station-Id = "0011112365" Service-Type = Login-User NAS-IP-Address = xxx.xxx.xxx.xxx
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to 44444444 Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to 44444444 Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to 44444444 Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to 44444444 Wed Sep 3 19:36:01 2003: DEBUG: Handling request with Handler 'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/' Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to 44444444 Wed Sep 3 19:36:01 2003: DEBUG: Running command: d:\Radiator-3.6\hooks\CalcCreditTime Wed Sep 3 19:36:01 2003: DEBUG: Access challenged for 44444444: Wed Sep 3 19:36:01 2003: DEBUG: Packet dump: *** Sending to xxx.xxx.xxx.xxx port 21661 .... Code: Access-Challenge Identifier: 149 Authentic: <157><201><20>5u<249><179><11><8><255><240><236>W<195><253>x Attributes: cisco-h323-return-code = "h323-return-code=0" cisco-h323-credit-time = "h323-credit-time=1276" Reply-Message = "first 5!"
--------------------------------------------------------------------- -- ---------------
Below is my config:
--------------------------------------------------------------------- -- ---------------
#radius.cfg
Foreground Trace 4
AuthPort 1645 AcctPort 1646
LogDir d:\Radiator-3.6\log LogFile %L/logfile.txt
DictionaryFile d:\Radiator-3.6\dictionary
RewriteUsername s/^\s+// RewriteUsername s/\s+$// RewriteUsername s/\s+//g RewriteUsername tr/[A-Z]/[a-z]/
<Client xxx.xxx.xxx.xxx> Secret xxx NasType Cisco SNMPCommunity MN-2008 StatusServerShowClientDetails </Client>
<AuthBy SQL> DBSource dbi:mysql:voip_prepaid:localhost DBUsername xxx DBAuth xxx
Identifier VoipTerminate
AuthSelect
AccountingTable voip_termination AccountingStopsOnly
AcctColumnDef nasipaddress,NAS-IP-Address AcctColumnDef cisco_nas_port,Cisco-NAS-Port AcctColumnDef username,User-Name
AcctColumnDef calledstationid,Called-Station-Id AcctColumnDef callingstationid,Calling-Station-Id
AcctColumnDef
h323_gw_id,cisco-h323-gw-id,literal,trim(substring('%{cisco-h323-gw- id}',locate('=','%{cisco-h323-gw-id}')+1))
AcctColumnDef
h323_call_origin,cisco-h323-call- origin,literal,trim(substring('%{cisco-h323-call- origin}',locate('=','%{cisco-h323-call-origin}')+1))
AcctColumnDef
h323_call_type,cisco-h323-call-type,literal,trim(substring('%{cisco- h323-call-type}',locate('=','%{cisco-h323-call-type}')+1))
AcctColumnDef
h323_setup_time,cisco-h323-setup- time,literal,trim(substring('%{cisco- h323-setup-time}',locate('=','%{cisco-h323-setup-time}')+1))
AcctColumnDef
h323_connect_time,cisco-h323-connect- time,literal,trim(substring('%{cisco-h323-connect- time}',locate('=','%{cisco-h323-connect-time}')+1))
AcctColumnDef
h323_disconnect_time,cisco-h323-disconnect- time,literal,trim(substring('%{cisco-h323-disconnect- time}',locate('=','%{cisco-h323-disconnect-time}')+1))
AcctColumnDef
h323_disconnect_cause,cisco-h323-disconnect- cause,literal,trim(substring('%{cisco-h323-disconnect- cause}',locate('=','%{cisco-h323-disconnect-cause}')+1))
AcctColumnDef
h323_voice_quality,cisco-h323-voice- quality,literal,trim(substring('%{cisco-h323-voice- quality}',locate('=','%{cisco-h323-voice-quality}')+1))
AcctColumnDef
h323_remote_address,cisco-h323-remote- address,literal,trim(substring('%{cisco-h323-remote- address}',locate('=','%{cisco-h323-remote-address}')+1))
AcctColumnDef acctstatustype,Acct-Status-Type AcctColumnDef acctdelaytime,Acct-Delay-Time,integer AcctColumnDef acctsessionid,Acct-Session-Id AcctColumnDef acctinputoctets,Acct-Input-Octets,integer AcctColumnDef acctoutputoctets,Acct-Output-Octets,integer
AcctColumnDef acctsessiontime,Acct-Session-Time,integer AcctColumnDef time_stamp,Timestamp,integer </AuthBy>
<AuthBy EXTERNAL> Identifier PSA DecryptPassword Command d:\Radiator-3.6\hooks\PSA </AuthBy> <AuthBy EXTERNAL> Identifier TransBalance DecryptPassword Command d:\Radiator-3.6\hooks\TransBalance </AuthBy> <AuthBy EXTERNAL> Identifier CalcCreditTime DecryptPassword StripFromReply Reply-Message Command d:\Radiator-3.6\hooks\CalcCreditTime </AuthBy> <AuthBy EXTERNAL> Identifier CalcCreditAmount DecryptPassword StripFromReply Reply-Message Command d:\Radiator-3.6\hooks\CalcCreditAmount </AuthBy>
# 2 termination handler <Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, cisco-h323-call-origin = /originate$/, cisco-h323-call-type = /Telephony$/> AuthBy VoipTerminate </Handler> <Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, cisco-h323-call-origin = /answer$/, cisco-h323-call-type = /VoIP$/> AuthBy VoipTerminate </Handler>
<Handler Request-Type = Accounting-Request, Acct-Status-Type = Start> PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse" </Handler>
<Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = /^([0-9])+$/> AuthBy CalcCreditAmount PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse" </Handler>
<Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = /^([0-9])+%([0-9])+$/> PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse" </Handler>
<Handler User-Name = /^([0-9])+%([0-9])+$/> RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ RejectHasReason StripFromReply Reply-Message AccountingHandled AuthBy TransBalance </Handler>
<Handler User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/> RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ RejectHasReason # StripFromReply Reply-Message AccountingHandled AuthBy CalcCreditTime </Handler>
# skip error <Handler User-Name = ERROR> </Handler> <Handler User-Name = error> </Handler>
<Handler User-Name = /^([0-9])+$/> RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ RejectHasReason StripFromReply Reply-Message AccountingHandled SessionDatabase SQL1 AuthBy PSA </Handler>
<SessionDatabase SQL> DBSource dbi:mysql:voip_prepaid:localhost DBUsername xxx DBAuth xxx
Identifier SQL1
AddQuery
DeleteQuery
ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
CountQuery
</SessionDatabase>
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
